// DAILY INTELLIGENCE FEED · MSP & HELPDESK
ARCHIVEBLOGSUBSCRIBE FREE →
← back to archive
// ARCHIVED ISSUE

Monday, July 6, 2026

2 CRITICAL2 WARNING4 storiesin𝕏
// FROM THE FLOOR
RISK_LEVEL: 🔴 HIGH

Pull your Exchange, Fortinet, and SonicWall inventory right now and build a patch priority list based on which devices face the internet or handle sensitive auth.

// full analysis + daily context delivered to subscribers → subscribe free
🔐 SECURITY2 items
CRITICAL🔐 Security

Exchange Server CVE-2026-42897 Spoofing Flaw on CISA KEV — Only Actively Exploited Issue in June Patch Tuesday

CVE-2026-42897, a CVSS 8.1 Exchange Server spoofing vulnerability, is the sole actively exploited issue from the June 2026 Patch Tuesday cycle and is listed on the CISA KEV catalog. Security teams should patch Exchange first within this cycle; users should also be warned about suspicious Office/Word documents given related social-engineering campaigns observed alongside Exchange exploitation. The June cycle also patched critical Hyper-V out-of-bounds read flaws (CVE-2026-47652, CVE-2026-45641, CVE-2026-45607) and four critical RDP Client CVEs requiring immediate attention.

Read more →
WARNING🔐 Security

Microsoft Edge CVE-2026-57983 Security Feature Bypass — Patch Promptly on Privileged Endpoints

Microsoft disclosed CVE-2026-57983, a security feature bypass in Chromium-based Edge, with limited public technical detail as of 3 July 2026; no confirmed in-the-wild exploitation has been reported but the vulnerability is real and patched. Security feature bypasses are catalytic when paired with phishing or post-exploitation tradecraft, so risk is highest on administrator and helpdesk machines. MSPs should verify Edge build versions across all managed endpoints and ensure update deferral policies are not blocking the latest Stable Channel release.

Read more →
🔥 NETWORKING2 items
CRITICAL🔥 Networking

CRITICAL: 'FortiBleed' — 86,644 Fortinet Firewall Credential Sets Leaked Across 194 Countries

A Russian-speaking criminal crew published working administrator and VPN credentials for roughly half of all internet-facing Fortinet devices globally in what is being called 'FortiBleed'; CISA, the UK NCSC, and Fortinet's own PSIRT issued emergency guidance within six days of researchers flagging the cache in mid-June 2026. Fortinet states no new vulnerability was exploited — attackers weaponised weak passwords, legacy hash storage from previously compromised configuration files accumulated over years of prior exploitation campaigns. Immediate action: assume compromise on any FortiGate that was ever internet-exposed, rotate all credentials, enforce MFA before hunting for IOCs.

Read more →
WARNING🔥 Networking

SonicWall SMA1000 SQL Injection CVE-2026-4112 — Admin Privilege Escalation Patched

SonicWall patched four vulnerabilities in SMA1000 series firewalls including CVE-2026-4112, a high-severity SQL injection flaw that allows an attacker with read-only admin privileges to escalate to primary admin rights. Three additional issues in the same batch allow SSL VPN credential enumeration and TOTP authentication bypass; SonicWall has no confirmed wild exploitation but urges immediate patching. Update SMA1000 appliances to the latest firmware version without delay.

Read more →
Friday, July 3, 2026
// this lands in your inbox every weekday

This is what you get — every weekday, free.

Subscribers get the full “From the Floor” take with every issue — not just the news summary you just read.
Written from 12 years on the helpdesk floor. Always free.

// no spam · every weekday morning · unsubscribe anytime

LATESTARCHIVEBLOGSUBSCRIBE

// AI-assisted · always verify before acting · not professional security advice